On 12/17/2013 02:59 AM, Werner Koch wrote:
> Well, browsers could first try to use https. Would it help them to provide
> a SRV record for this?

The reason is because people often have different websites running on port 443 than they do on port 80, and people also often have non-browser-trusted certs. For a prime example, check these two:

https://www.theguardian.com/
http://www.theguardian.com/

If the browser tried https first, everything would break, not to mention if you click through the cert warning you just get a generic "The page cannot be displayed" error page. This is why HTTPS Everywhere needs thousands of intricate rulesets to maximize the number of HTTPS requests, and do things like make cookies use the secure flag.

>> If you want to fix this, you could make all incoming http traffic
>> respond with a 301 redirect to https.
>
> I am not sure whether this helps. If we eventually offer http download
> we could use https: for that instead. There is also a plan for providing
> a hidden tor service.

I think it would help. There's no reason that security software should serve anything over port 80 besides 301 redirects to port 443.

> I hesitate to pay the highwaymen.

Yeah... The problem is you're wanting to make GnuPG go mainstream but then you end up with people seeing this:

http://i.imgur.com/53nvUqm.png

--
Micah Lee
_______________________________________________
Gnupg-users mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnupg-users
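A sketch of the "nothing on port 80 but 301 redirects" setup suggested in the message above, as an added example that is not part of the original post or of the GnuPG project's server configuration. It assumes a fixed canonical host (`www.example.org` is a placeholder) and runs on a loopback port so it can be checked offline; the `probe` helper and the forged Host value are constructed for the demonstration.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

# Assumption: the HTTPS origin is fixed in configuration. Reflecting the
# client's Host header into Location would let a forged header steer the
# redirect to another site.
CANONICAL_HOST = "www.example.org"  # placeholder, not from the original message


class RedirectOnlyHandler(BaseHTTPRequestHandler):
    """Answer every plain-HTTP request with a 301 to the HTTPS origin."""

    def _redirect(self):
        # Keep path and query so deep links survive; force a single leading
        # slash so "//host/path" cannot be read as a scheme-relative URL.
        path = "/" + self.path.lstrip("/") if self.path.startswith("/") else "/"
        self.send_response(301)
        self.send_header("Location", f"https://{CANONICAL_HOST}{path}")
        self.send_header("Content-Length", "0")  # no body, no cookies over HTTP
        self.end_headers()

    # Same answer for every method; no content is ever served in cleartext.
    do_GET = do_HEAD = do_POST = do_PUT = do_DELETE = _redirect

    def log_message(self, fmt, *args):  # keep the demo quiet
        pass


def probe(path, host_header="forged.invalid"):
    """Serve on a loopback port, send one GET, return (status, Location, body)."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), RedirectOnlyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        port = server.server_address[1]
        conn = http.client.HTTPConnection("127.0.0.1", port, timeout=5)
        conn.request("GET", path, headers={"Host": host_header})
        resp = conn.getresponse()
        result = (resp.status, resp.getheader("Location"), resp.read())
        conn.close()
        return result
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(probe("/download/index.html?lang=en"))
```

The redirect only protects later requests; the first cleartext request can still be intercepted, so the HTTPS side should also send a Strict-Transport-Security header.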
